CoreOS Blog

Organizations around the world have begun adopting container-oriented infrastructure in the past few years. The first step on the path to container enlightenment is packaging software in container images. Thinking of containers as black boxes is extremely useful for the consistent deployment of software. However, this abstraction is a double-edged sword: If the container is a black box, how do deployers know what’s in it?

We are happy to announce that Quay Security Scanner is now available in the latest release (v1.16.0) of Quay Enterprise, the on-premises version of the Quay container registry by CoreOS. This release marks the Quay Security Scanner feature as enterprise-ready. When this feature is enabled in Quay Enterprise, all container images in the registry are indexed and cross-referenced against public vulnerability databases.

You may have heard that the open source project Clair by CoreOS recently released version 1.0. If you’ve been following along, you may also know that Quay’s Security Scanner, a container registry feature that analyzes container images for known vulnerabilities, is based on Clair. Quay Security Scanner now has an entirely new interface atop the Clair 1.0 APIs and PostgreSQL backend.

Today we are releasing a new feature in beta, Security Scanning. Quay Security Scanning will automatically detect and report vulnerabilities in your containers. We have already scanned millions of containers on Quay with this feature, and found that nearly 80% are subject to major vulnerabilities, such as Heartbleed.